Date: Thu, 12 Apr 2012 11:32:27 +0200 From: Per Thorsheim <per@...rsheim.net> To: john-dev@...ts.openwall.com Subject: Re: MSCash2 formats reliability & usability > IMO we should not drop the iteration count support. Any admin can raise > it with a change in the registry, and MS may bump the default at any time. +1. I guess the same thing applies to the previous discussions regarding episerver hashes, where episerver now no longer have their own algorithms. Now episerver uses whatever configuration set in Microsoft .NET, which is offers not only a range of algorithms for encryption and hashing, but also options for configuring number of iterations etc. Essentially this applies to any applications that will use .NET for protecting passwords in some form. (Although I doubt most admins will ever change from default though...) -- Best regards, Per Thorsheim CISA, CISM, CISSP-ISSAP securitynirvana.blogspot.com Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.